stealc

General

Target

c6d76480adfb9b563997f74f74964f0833c2f7eacfa72258c9d2b80a279fe6d4
Size

365KB
Sample

240508-3xfpsseg3y
MD5

33179813ef6865c32c666fc519eaad03
SHA1

a3cb6a5b14fea9f5643d07754fffe9dfd2172fb9
SHA256

c6d76480adfb9b563997f74f74964f0833c2f7eacfa72258c9d2b80a279fe6d4
SHA512

40d743ff5b2ee373e763b78ffebce7c8d898b59b595173a504ec26918c9c039213c92478156936faa1bbbe63e11ee6f9122b8f61a65a45f17e26c6539e773053
SSDEEP

6144:mfcBWeUkksvXwBbM4HxlzmJp2C5kbX1Z0DR7M1jTs5gYTmWI:mfcUeGzhHxNQKX1eDR7un0mWI

Score

10^/10

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.150

Attributes

url_path
/c698e1bc8a2f5e6d.php

Targets

- Target
  
  c6d76480adfb9b563997f74f74964f0833c2f7eacfa72258c9d2b80a279fe6d4
- Size
  
  365KB
- MD5
  
  33179813ef6865c32c666fc519eaad03
- SHA1
  
  a3cb6a5b14fea9f5643d07754fffe9dfd2172fb9
- SHA256
  
  c6d76480adfb9b563997f74f74964f0833c2f7eacfa72258c9d2b80a279fe6d4
- SHA512
  
  40d743ff5b2ee373e763b78ffebce7c8d898b59b595173a504ec26918c9c039213c92478156936faa1bbbe63e11ee6f9122b8f61a65a45f17e26c6539e773053
- SSDEEP
  
  6144:mfcBWeUkksvXwBbM4HxlzmJp2C5kbX1Z0DR7M1jTs5gYTmWI:mfcUeGzhHxNQKX1eDR7un0mWI
Score

10^/10

stealc zgrat discovery rat stealer
- Detect ZGRat V1
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

4

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detect ZGRat V1

ZGRat

Downloads MZ/PE file

Checks computer location settings

Executes dropped EXE

Checks installed software on the system

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2